[wp-hackers] Re: wp_insert_link() --> rss output

[Christian Höltje]

* Russ Gilman-Hunt (gilmanhunt at comcast.net) [071010 20:58]:
> Good evening.
> 
> First, I'm happy to write a patch for this, I just want to know where I
> should patch it and keep most consistent with wp development.
> 
> I'm working with feedwordpress, and I'm getting bad urls
> imported. It calls wp_insert_link() for 2.0+ versions of wordpress.
> The urls have unescaped ampersands (foo.php?bar=blah&baz=blah ).
> 
> Looking up the function wp_insert_link, it doesn't do any "fixoring"
> of the url it accepts.  wp_insert_link is called by some import
> scripts and by the bookmark.php script.
> 
> I'm pretty sure that "urls are supposed to have the ampersand
> escaped," but that almost all browsers will accept them unescaped
> (by escaped, I mean replaced with &, not really escaped ).
> However, it's leading to breakage with RSS readers; feedburner won't
> take one of my feeds because of the ampersands (actually because
> &baz does not end with a semicolon, but that's the problem).

In HTML and especially XML/XHTML/RSS the characters &, < , " must be
be replaced with entities (escaping).  However, the canonical form of
a URL is without any entities.  You would type in a browser
foo.php?a=b&c=d not foo.php?a=b&amp;c=d.  The second would produce two
arguments a=b and amp;c=d

I would guess that wp_insert_links is expected non-entity URLs, since
that I would expect that the web-page should escape the output of
get_link() as appropriate for the output medium.

I don't know enough about feedwordpress to know which one is at fault.

Ciao!

-- 
Isn't it strange that the same people that laugh at gypsy fortune tellers
take economists seriously?

The Doctor What: Not that 'who' guy.             http://docwhat.gerf.org/
docwhat *at* gerf *dot* org                                        KF6VNC